Reliable substitution of cyberphysical system (CPS) components is an important issue for CPS troubleshooting and system upgrading. In this paper, the decision problem of component substitution is treated as the decision problem of service substitution through a service-oriented architecture of CPS. Further, a reliability assurance method for CPS service substitution is proposed, which comprises two parts. The first is a qualitative judgment method for CPS service substitution according to the relationship between service compatibility and substitution based on time-space
Cyberphysical system (CPS) is a concept that has emerged in the information field in recent years. CPS is defined [
Since a CPS acts on physical processes and unreliable operation may lead to disastrous consequences, reliable substitution of CPS components is an important issue for troubleshooting and system upgrading. The first problem is how to design the system architecture of a CPS. However, research on CPS architecture is still at a preliminary and exploratory stage both in China and abroad. Tan Ying proposed a prototype architecture of CPS [
There is a considerable body of research on formal modeling of CPS, including Petri Net (PN) [
The remainder of this paper is organized as follows. In Section
In this section, a service-oriented architecture is proposed in which a distributed and open-ended CPS is regarded as a combination of encapsulated CPS services, following some business logic and business processes. The service-oriented architecture is shown in Figure
SOA framework of CPS.
The service implementation layer is the foundation of this architecture; it is the implementation of the CPS service interface. Details of how it is implemented are hidden from service users, and different service providers can use different technologies to implement the same service interface. Each CPS service implementation contains a sense-actuate unit, a communications unit, and a computation-control unit. The sense unit monitors the physical world and transfers the monitoring information to the computation unit through the communications unit. The computation unit then determines strategies and sends them to the control unit. The control unit gives instructions to the actuate unit through the communications unit in order to control physical processes. Each unit is described as follows. The sense-actuate unit contains sensors, actuators, and a terminal computation module. Sensors monitor physical entities and the physical environment. Actuators control physical processes. The terminal computation module contains the basic execution rules of the actuators and has a small storage capacity for real-time data. The communications unit provides a ubiquitous communication mechanism by fusing 2G, 3G, 4G, and so forth. This unit also covers real-time interaction, integration of heterogeneous networks, communication security, and communication quality. The computation-control unit contains the computation unit and the control unit. The computation unit mixes the discrete domain and the continuous domain together. The control unit implements strict management of time and space. The strategies determined by this unit can be supported by a cloud computing center and a knowledge base.
The service abstraction layer defines the service functions that are accessed from outside and how to access them, but it does not contain the details of how they are implemented. This layer also covers service description, service registry, service discovery, and quality of service. Specifically, it describes the characteristics of interfaces, the usability of operations, parameters, data types, and access protocols. Through this layer, services or modules outside know what a CPS service can do, how to find it, how to exchange messages with it, how to invoke it, and what the returned results may be. In particular, a CPS service description must contain physical properties, for example the timestamp, position information, and energy information of physical entities, because the service implementation layer contains physical units (computation unit and control unit), and monitored information without temporal and spatial information is meaningless. There are two types of services in this layer, business services and infrastructure services, described as follows. A business service is part of a business process and a fine-grained subprocess of a business requirement. It fulfills a specific business task automatically and can be reused among different business processes. It comes in two kinds: business function services and common services. The former are related to a particular business area, for example real-time positioning, driver monitoring, and remote alarms in an intelligent transportation CPS. The latter can be used in different business areas, for example common algorithms and data transformation. An infrastructure service is the foundation of standardized integration of CPS services. It covers time synchronization, space constraints, general technology, access adapters, service management, and interaction services. Time synchronization and space constraints guarantee that the temporal and spatial conditions are met when physical units and cyber units are mixed together at multiple scales. 
General technology provides the technology infrastructure for developing, delivering, and maintaining CPS services, as well as capabilities such as security, performance, and availability. The access adapter turns available resources of legacy systems into individual business services. Service management monitors the state of CPS services and provides support for abnormal conditions, for example SLA management, capacity planning, and root cause analysis. Interaction services are used to arrange the interfaces of CPS services into intelligent devices, not only for human-computer interaction.
The business process layer contains a number of business processes, each composed of CPS services according to fixed rules. It is necessary to set up a reasonably complex and reliable layer like this, since composing a large number of fine-grained CPS services directly would be costly and ineffective. This layer also covers service collaboration, service composition, service substitution, and space-time constraints.
The application layer contains the many industry applications of CPS, in which each system is composed of business processes. These business processes cooperate with each other in order to fulfill higher-level business goals. Compared with the business process layer, this layer focuses more on integrating all kinds of application requirements by combining professional knowledge with the business models of different industries.
The interface of a CPS service, containing interface characteristics, operation usability, parameters, data types, and access protocol, is implemented with component technology. Through the interface, service users know what the CPS service can do, how to find it, how to exchange messages with it, how to invoke it, and what the returned results may be. Details of how it is implemented are hidden, so service providers can implement the same service interface with different technologies. A CPS service provides an interface to receive and send messages, and it transits from its initial state to a final state through the triggering of send and receive actions; completing these actions takes time and consumes energy. We now give the definition of the CPS service view.
A CPS service view is defined as a nine-tuple:
: Initial state of CPS service.
Performing complex business tasks typically requires a number of CPS services to work together. It is therefore necessary to ensure that these services can interact properly, which is the notion of compatibility. Compatibility concerns the interactive processes of CPS services. From the viewpoint of the CPS service view, an interactive process is a series of calls between two CPS services. When one CPS service sends (resp., receives) a message, the other CPS service simultaneously evolves by receiving (resp., sending) it. So, in a sense, the behavior of CPS service 2 should be the same as that of CPS service 1 but with receptions in place of emissions, and vice versa. The dual service
There are two CPS service views
When
When
An interaction element represents one step of interaction between two CPS services. A normal interaction element represents a successful interaction, in which the two interacting actions are dual: the same message is sent by one service and received by the other. An abnormal interaction element represents an unsuccessful interaction, in which one CPS service has a receiving action but the other does not have the corresponding sending action. As shown in Figure
Interaction between
Compatibility between two CPS services arises at different levels, namely static compatibility and dynamic compatibility. Static compatibility is semantic and syntactic compatibility. Dynamic compatibility means that the exchanged messages are ordered in matching sequences without deadlock or livelock, and that no message is sent that cannot be received by the other CPS service. Assuming that CPS service
Let
In Figure
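The dynamic compatibility check described above, as an added example that is not part of the paper: two service views are written as labelled transition systems with '!msg' for a send and '?msg' for a receive, and the pair is explored in lockstep (the synchronous product). A step in which one side sends and the other receives the same message is recorded as a normal interaction element; a reachable joint state that is not jointly final and offers no normal element is a deadlock, and the receives left waiting there are recorded as abnormal interaction elements, as is any send that the partner cannot receive at that point; joint states where interaction continues but no jointly final state can ever be reached are reported as livelock. The service names, messages and transitions are constructed for illustration (loosely following the hazardous-chemicals transport case study later in the paper) and are not the paper's models; the plain-dictionary representation is this example's own choice.

```python
from collections import deque


def dual(action):
    """'!m' <-> '?m': the action the partner must take to complete a step."""
    return ('?' if action[0] == '!' else '!') + action[1:]


def check_compatibility(svc1, svc2):
    """Explore the synchronous product of two CPS service views.

    A view is {'init': s0, 'final': {...}, 'trans': {s: [(action, s2), ...]}}
    with actions '!msg' (send) or '?msg' (receive).  Returns a dict with:
      normal     - (joint_state, msg, next_joint_state) per normal element
      abnormal   - (service, state, action) that finds no dual in the partner
      deadlock   - reachable joint states, not jointly final, with no normal element
      livelock   - joint states where interaction continues but from which no
                   jointly final state is reachable
      compatible - True iff the three lists above are empty
    """
    start = (svc1['init'], svc2['init'])
    seen, queue = {start}, deque([start])
    product = {}                       # joint state -> joint successors
    normal, abnormal, deadlock = [], [], []
    while queue:
        s1, s2 = queue.popleft()
        out1 = svc1['trans'].get(s1, [])
        out2 = svc2['trans'].get(s2, [])
        succ = []
        for a1, n1 in out1:
            for a2, n2 in out2:
                if a2 == dual(a1):     # one sends msg, the other receives it
                    normal.append(((s1, s2), a1[1:], (n1, n2)))
                    succ.append((n1, n2))
        product[(s1, s2)] = succ
        # a message sent here that the partner cannot receive here is abnormal
        for who, s, out, partner in (('svc1', s1, out1, out2),
                                     ('svc2', s2, out2, out1)):
            offered = {a for a, _ in partner}
            for a, _ in out:
                if a[0] == '!' and dual(a) not in offered:
                    abnormal.append((who, s, a))
        if not succ and not (s1 in svc1['final'] and s2 in svc2['final']):
            deadlock.append((s1, s2))
            # the receive(s) left waiting for a send the partner never makes
            for who, s, out in (('svc1', s1, out1), ('svc2', s2, out2)):
                for a, _ in out:
                    if a[0] == '?':
                        abnormal.append((who, s, a))
        for js in succ:
            if js not in seen:
                seen.add(js)
                queue.append(js)
    # livelock: backward reachability from the jointly final joint states
    can_finish = {js for js in product
                  if js[0] in svc1['final'] and js[1] in svc2['final']}
    changed = True
    while changed:
        changed = False
        for js, succ in product.items():
            if js not in can_finish and any(n in can_finish for n in succ):
                can_finish.add(js)
                changed = True
    livelock = [js for js in product
                if js not in can_finish and js not in deadlock]
    return {'normal': normal, 'abnormal': abnormal, 'deadlock': deadlock,
            'livelock': livelock,
            'compatible': not (abnormal or deadlock or livelock)}


# Constructed views (not the paper's): a vehicle terminal that raises an alarm
# and an accident handling center that decides whether to set a fence.
VEHICLE_TERMINAL = {'init': 't0', 'final': {'t4'}, 'trans': {
    't0': [('!alarm', 't1')],
    't1': [('?monitor_req', 't2')],
    't2': [('!monitor_info', 't3')],
    't3': [('?fence_set', 't4'), ('?no_fence', 't4')]}}

HANDLING_CENTER = {'init': 'c0', 'final': {'c4'}, 'trans': {
    'c0': [('?alarm', 'c1')],
    'c1': [('!monitor_req', 'c2')],
    'c2': [('?monitor_info', 'c3')],
    'c3': [('!fence_set', 'c4'), ('!no_fence', 'c4')]}}

# Candidate replacement center that also waits for an acknowledgement the
# terminal never sends: only partially compatible (one abnormal element).
CENTER_WITH_ACK = {'init': 'c0', 'final': {'c5'}, 'trans': {
    'c0': [('?alarm', 'c1')],
    'c1': [('!monitor_req', 'c2')],
    'c2': [('?monitor_info', 'c3')],
    'c3': [('!fence_set', 'c4'), ('!no_fence', 'c5')],
    'c4': [('?fence_ack', 'c5')]}}

if __name__ == '__main__':
    for name, center in (('original center', HANDLING_CENTER),
                         ('center with ack', CENTER_WITH_ACK)):
        r = check_compatibility(VEHICLE_TERMINAL, center)
        print(name, 'compatible' if r['compatible'] else 'NOT compatible',
              '| abnormal:', r['abnormal'], '| deadlock:', r['deadlock'])
```

The terminal and the original center are fully compatible (five normal elements, nothing else). Against the acknowledging center the run ends in joint state ('t4', 'c4'), where the center has the receiving action '?fence_ack' and the terminal has no sending action: exactly the abnormal interaction element the text defines, which the problem management process described later would have to resolve before substitution.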
In this section, time-space
A CPS service corresponds closely to a process of
Since relative accuracy of time is sufficient to meet the quality requirements of CPS services, a discrete time domain is adopted in this paper to describe the time characteristics of CPS. The properties of the discrete time domain are defined as follows.
Discrete time domain For all for all for all for all for all for all for all
Physical components of a CPS are abstracted as spatial objects based on OGC [
All observable energy that keeps the physical components of a CPS functioning is called the energy information of the CPS. It comes in many kinds, for example electric energy and heat energy, and it can be consumed and replenished. Assuming that process
0 is the nil process.
Time operator ( Position operator. Consider
Energy operator. Consider
The operational semantics of PREFIX, SUM, PAR, COM, MATCH, RES, and OPEN can be found in [
The performance influence of time-space
Let Whenever Whenever
If symmetric requirements with
Properties of weak bisimulation can be seen in [
Substitutability is closely related to compatibility. Combining related research results, we propose sufficient conditions for CPS service substitution. Let
Let
Let
According to condition one and Definitions
When Theorem
The substitution process presented in this paper consists of a service desk, event management, problem management, change management, configuration management, and knowledge base management. As shown in Figure
Whole flowchart of CPS service substitution.
The service desk is the unified access point: all substitution requests are recorded completely and given preliminary support there, and then passed to the substitution implementer to ensure timely handling of the request. The service desk provides accurate process information from start to finish.
For requests concerning fully compatible CPS services, the event management process provides the corresponding substitution service according to the SLA.
For requests concerning partially compatible CPS services, the problem management process identifies the abnormal interaction elements by assessment and analysis. A substitution solution is then formulated and implemented. Problem management minimizes the effects of abnormal interaction elements in order to improve service quality and customer satisfaction, and it also supports the change management process.
The change management process coordinates with the problem management process to implement changes to the CMDB. Change management reduces the failure rate caused by system changes.
In the configuration management process, the description information of CPS services, for example states, actions, messages, and time and space characteristics, is centrally managed in the CMDB. Configuration management records and controls the changes of the CPS.
The knowledge base management process supports storing, auditing, filtering, updating, and retiring substitution-related knowledge, and it accumulates experience from past events and problem solutions.
In this section, we take the Electronic Fence in a hazardous chemicals transport CPS as an example (shown in Figure
Real pictures of Electronic Fence in hazardous chemicals transport CPS.
The business case of the electronic fence is as follows. When a tank vehicle loaded with hazardous chemical products has a traffic accident, once its sensors detect abnormal states, the vehicle terminal sends an alarm to the accident handling center. The center decides whether it is necessary to set an electronic fence by analyzing the remote monitoring information, including tank temperature, gas concentration, tank liquid level, tank pressure, and so forth. If needed, the electronic fence is set. Then tank vehicles inside the electronic fence are given early warnings periodically, and tank vehicles outside are informed periodically.
Based on the models proposed in Section
Primal business process of the Electronic Fence.
Because of changing user requirements, the system is upgraded and an agent of the traffic accident treatment platform is added. Specifically, after remote diagnosis, the traffic accident information must be reported to this agent, and when the electronic fence setting is completed, the electronic fence information must be reported to this agent as well. As shown in Figure
Upgraded business process of the Electronic Fence.
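The weak bisimulation check that the substitution conditions rely on, applied to the electronic fence upgrade just described, as an added example that is not the paper's analysis (the authors used the MWB tool; the paper's own sufficient conditions, service views and message names are not reproduced here). The primal and the upgraded fence services are modelled as labelled transition systems whose actions name the partner they are exchanged with ('!fence_set@center'). The new reports to the agent are hidden, that is, relabelled as tau, because the original partner, the accident handling center, cannot observe them, and a standard greatest-fixpoint weak bisimulation check is run between the primal service and the upgraded service with those actions hidden. All state and message names, the tau step standing for remote diagnosis, the convention that related states must agree on whether they can terminate silently, and the deliberately wrong "confirming" variant are assumptions of this example.

```python
# Weak bisimulation between CPS service views (added example, not the paper's
# tool).  A view is {'init': s0, 'final': {...}, 'trans': {s: [(action, s2)]}}.
TAU = 'tau'


def all_states(svc):
    states = {svc['init']} | set(svc['final'])
    for s, outs in svc['trans'].items():
        states.add(s)
        states.update(n for _, n in outs)
    return states


def hide(svc, partners):
    """Relabel every message exchanged with one of `partners` as tau, so it
    becomes invisible to the partner substitution is being checked against."""
    trans = {s: [(TAU if '@' in a and a.split('@', 1)[1] in partners else a, n)
                 for a, n in outs]
             for s, outs in svc['trans'].items()}
    return {'init': svc['init'], 'final': set(svc['final']), 'trans': trans}


def tau_closure(svc, s):
    """States reachable from s by zero or more tau steps."""
    seen, stack = {s}, [s]
    while stack:
        for a, n in svc['trans'].get(stack.pop(), []):
            if a == TAU and n not in seen:
                seen.add(n)
                stack.append(n)
    return seen


def weak_succ(svc, s, action):
    """States reachable by tau* action tau* (just tau* when action is tau)."""
    before = tau_closure(svc, s)
    if action == TAU:
        return before
    after = set()
    for x in before:
        for a, n in svc['trans'].get(x, []):
            if a == action:
                after |= tau_closure(svc, n)
    return after


def can_terminate(svc, s):
    """Assumed convention: s may end silently if a final state is tau-reachable."""
    return bool(tau_closure(svc, s) & set(svc['final']))


def weak_bisimilar(svc_a, svc_b):
    """Greatest fixpoint: start from all pairs that agree on silent termination
    and drop any pair where one side has a step the other cannot weakly match."""
    rel = {(p, q) for p in all_states(svc_a) for q in all_states(svc_b)
           if can_terminate(svc_a, p) == can_terminate(svc_b, q)}

    def matched(src, p, dst, q, related):
        return all(any(related(p2, q2) for q2 in weak_succ(dst, q, a))
                   for a, p2 in src['trans'].get(p, []))

    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            if not (matched(svc_a, p, svc_b, q, lambda x, y: (x, y) in rel) and
                    matched(svc_b, q, svc_a, p, lambda x, y: (y, x) in rel)):
                rel.discard((p, q))
                changed = True
    return (svc_a['init'], svc_b['init']) in rel, rel


def substitutable(original, candidate, other_partners=()):
    """True when the candidate, with its traffic to other partners hidden, is
    weakly bisimilar to the original: the remaining partner sees no difference."""
    return weak_bisimilar(original, hide(candidate, set(other_partners)))[0]


# Constructed models (state and message names are this example's, not the paper's).
PRIMAL_FENCE = {'init': 'e0', 'final': {'e3'}, 'trans': {
    'e0': [('?alarm@center', 'e1')],
    'e1': [(TAU, 'e2')],                                  # remote diagnosis
    'e2': [('!fence_set@center', 'e3'), ('!no_fence@center', 'e3')]}}

# The upgrade from the paper: accident reported to the agent after diagnosis,
# fence information reported to the agent once the fence has been set.
UPGRADED_FENCE = {'init': 'u0', 'final': {'u5', 'u6'}, 'trans': {
    'u0': [('?alarm@center', 'u1')],
    'u1': [(TAU, 'u2')],
    'u2': [('!accident_report@agent', 'u3')],
    'u3': [('!fence_set@center', 'u4'), ('!no_fence@center', 'u6')],
    'u4': [('!fence_info@agent', 'u5')]}}

# Deliberately wrong upgrade: waits for a confirmation the center never sends.
CONFIRMING_FENCE = {'init': 'w0', 'final': {'w4'}, 'trans': {
    'w0': [('?alarm@center', 'w1')],
    'w1': [(TAU, 'w2')],
    'w2': [('?fence_confirm@center', 'w3')],
    'w3': [('!fence_set@center', 'w4'), ('!no_fence@center', 'w4')]}}
```

Usage: `substitutable(PRIMAL_FENCE, UPGRADED_FENCE, other_partners={'agent'})` is true, because once the reports to the agent are hidden the center sees the same alarm, diagnosis and fence decision as before. Without hiding, the extra sends are visible and the check fails, which is why the choice of which partner the substitution is judged against must be made explicit. The confirming variant fails even with hiding: the extra '?fence_confirm@center' receive is an abnormal interaction element from the center's point of view, so it would fall to problem management rather than event management in the substitution process above.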
Let
Within
Within
Within
Since not directly interact with
Let
Within
Within
From the results of above analysis,
In order to decide whether For condition 1, taking software and hardware attributes of actual CPS services into For condition 2, let For condition 3, assuming
We use MWB software tool to derive that For condition 4, seen from Figures
Obviously,
From the above, as long as
As can be seen from Figure
In actual operation, after three rounds of testing and half a year of trial running, the substituted electronic fence runs well, which confirms the above analysis results in practice. This case study shows that the reliability assurance method proposed in this paper can assist users in CPS component substitution and ensure the reliability of the upgraded CPS; the method is therefore reasonable and feasible.
In this paper, CPS component substitution is equated with CPS service substitution, and a reliability assurance method for CPS service substitution is provided. The case study shows that the method is innovative and practical. Our future work will focus on two aspects: (1) how to realize substitution of incompatible CPS services by adding a process adapter, so as to expand the sample selection space; (2) further study of the action-time function and the action-energy function, constructing a time and energy state space in which optimal service composition decisions can be made, providing a reference for the optimal selection of CPS service substitutions.
The authors would like to thank Dr. Xing Zhao and Dr. Liwei Sheng from the College of Computer Science and Technology, Fudan University, for providing useful insights. This work is supported by the National High Technology Research and Development Program of China (no. 2011AA010101), the National Natural Science Foundation of China (no. 71171148), and the key research project of the Shanghai Science and Technology Committee (no. 11DZ1501703).